Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Random Spam Sites Pop-Up / Google Redirect & Hearing commercial ad


  • This topic is locked This topic is locked

#16
bigchris

bigchris

    Member

  • Topic Starter
  • Member
  • PipPip
  • 59 posts
There I finally did everything you said even though it took a while thanks for helping. I sent you all logs :). Hope to hear from you soon so you can tell me what to do now
  • 0

Advertisements


#17
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Good job! So far so good. Run OTL again

  • Double click on the icon to run it (If running Vista or Windows 7, right click on it and select "Run as an Administrator"). Make sure all other windows are closed and to let it run uninterrupted.
  • Under the Custom Scan/Fixes box paste this in

netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
shsvcs.*
/md5stop
%systemroot%\*. /mp /s
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
CREATERESTOREPOINT
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open OTL.txt. This file is also saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of this file and post it here to me

  • 0

#18
bigchris

bigchris

    Member

  • Topic Starter
  • Member
  • PipPip
  • 59 posts
Okay will do thanks, running it right now :)

Edited by bigchris, 14 June 2012 - 07:26 AM.

  • 0

#19
bigchris

bigchris

    Member

  • Topic Starter
  • Member
  • PipPip
  • 59 posts
OTL logfile created on: 6/14/2012 9:28:44 AM - Run 2
OTL by OldTimer - Version 3.2.48.0 Folder = C:\Users\Owner\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.90 Gb Total Physical Memory | 2.01 Gb Available Physical Memory | 51.49% Memory free
7.98 Gb Paging File | 5.82 Gb Available in Paging File | 72.86% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 284.39 Gb Total Space | 146.42 Gb Free Space | 51.49% Space Free | Partition Type: NTFS
Drive D: | 13.70 Gb Total Space | 1.77 Gb Free Space | 12.93% Space Free | Partition Type: NTFS

Computer Name: CHRIS | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/06/14 09:25:34 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
PRC - [2012/06/11 13:28:58 | 000,686,280 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_257_ActiveX.exe
PRC - [2012/01/03 09:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/07/20 11:46:32 | 000,080,704 | ---- | M] (Freemake) -- C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
PRC - [2011/07/02 01:30:46 | 000,263,504 | ---- | M] () -- C:\Windows\SysWOW64\cfgmig32.exe
PRC - [2009/04/22 23:06:52 | 000,206,120 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\TVAgent.exe
PRC - [2009/04/22 22:53:22 | 000,296,320 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe
PRC - [2009/04/22 22:53:22 | 000,116,104 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe
PRC - [2009/03/11 11:42:08 | 001,148,200 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
PRC - [2008/12/17 20:11:40 | 000,365,952 | ---- | M] () -- C:\Program Files (x86)\SMINST\BLService.exe
PRC - [2007/01/04 17:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe


========== Modules (No Company Name) ==========

MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2009/04/22 22:53:22 | 000,267,656 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\CLCapEngine.dll
MOD - [2009/04/22 22:53:22 | 000,124,288 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\CLSchMgr.dll
MOD - [2009/04/22 22:53:22 | 000,038,184 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\CLCapSvcps.dll
MOD - [2009/04/22 22:53:20 | 000,349,480 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\CLTinyDB.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012/01/13 16:32:11 | 000,291,656 | ---- | M] (CA) [Auto | Running] -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus Plus\CAAMSvc.exe -- (CAAMSvc)
SRV:64bit: - [2011/07/02 01:27:14 | 000,286,032 | ---- | M] (Computer Associates International, Inc.) [Auto | Running] -- C:\Program Files\CA\CA Internet Security Suite\ccschedulersvc.exe -- (ccSchedulerSVC)
SRV:64bit: - [2011/07/02 01:27:12 | 000,359,248 | ---- | M] (CA, Inc.) [On_Demand | Running] -- C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe -- (CaCCProvSP)
SRV:64bit: - [2011/05/30 04:11:44 | 000,312,656 | ---- | M] (Computer Associates International, Inc.) [Auto | Running] -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus Plus\isafe.exe -- (CAISafe)
SRV:64bit: - [2011/05/13 18:58:10 | 000,030,520 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Windows\SysNative\Hpservice.exe -- (hpsrv)
SRV:64bit: - [2011/04/04 13:42:30 | 000,920,656 | ---- | M] (CA) [Auto | Running] -- C:\Program Files\CA\SharedComponents\TMEngine\UmxEngine.exe -- (UmxEngine)
SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/06/03 20:43:18 | 000,239,104 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_6ef279c8\STacSV64.exe -- (STacSV)
SRV:64bit: - [2009/03/27 18:10:16 | 000,016,896 | ---- | M] (LSI Corporation) [Auto | Running] -- C:\Program Files\LSI SoftModem\agr64svc.exe -- (AgereModemAudio)
SRV:64bit: - [2008/01/20 22:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2006/11/22 05:11:54 | 000,566,192 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysNative\lxctcoms.exe -- (lxct_device)
SRV - [2012/06/11 13:29:00 | 000,257,224 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/05/29 22:15:41 | 003,417,376 | ---- | M] () [Auto | Running] -- c:\program files (x86)\common files\akamai/netsession_win_80c2ffa.dll -- (Akamai)
SRV - [2012/01/03 09:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/07/20 11:46:32 | 000,080,704 | ---- | M] (Freemake) [Auto | Running] -- C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe -- (FreemakeUtilsService)
SRV - [2011/07/02 01:30:46 | 000,263,504 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\cfgmig32.exe -- (WinSvchostManagerSrv)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/07/16 19:16:44 | 000,250,616 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2009/04/22 22:53:22 | 000,296,320 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe -- (TVCapSvc) TV Background Capture Service (TVBCS)
SRV - [2009/04/22 22:53:22 | 000,116,104 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe -- (TVSched) TV Task Scheduler (TVTS)
SRV - [2009/03/30 00:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/12/17 20:11:40 | 000,365,952 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\SMINST\BLService.exe -- (Recovery Service for Windows)
SRV - [2007/01/04 17:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2006/11/22 05:11:36 | 000,537,520 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysWOW64\lxctcoms.exe -- (lxct_device)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/03/08 18:40:52 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2012/02/29 09:52:46 | 000,016,384 | ---- | M] (Microsoft Corporation) [Recognizer | System | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/15 11:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/01/13 16:32:13 | 000,202,320 | ---- | M] (CA) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\KmxCF.sys -- (KmxCF)
DRV:64bit: - [2012/01/13 16:32:13 | 000,143,824 | ---- | M] (CA) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\kmxfw.sys -- (KmxFw)
DRV:64bit: - [2012/01/13 16:32:13 | 000,099,024 | ---- | M] (CA) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\KmxFilter.sys -- (KmxFilter)
DRV:64bit: - [2011/05/13 18:58:16 | 000,030,008 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\hpdskflt.sys -- (hpdskflt)
DRV:64bit: - [2011/05/13 18:57:58 | 000,043,320 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Accelerometer.sys -- (Accelerometer)
DRV:64bit: - [2011/05/12 18:22:18 | 000,364,624 | ---- | M] (CA) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\kmxcfg.sys -- (KmxCfg)
DRV:64bit: - [2011/05/10 18:46:06 | 000,178,768 | ---- | M] (CA) [File_System | Boot | Running] -- C:\Windows\SysNative\DRIVERS\KmxAMRT.sys -- (KmxAMRT)
DRV:64bit: - [2011/03/23 17:29:08 | 000,113,744 | ---- | M] (CA) [File_System | System | Running] -- C:\Windows\SysNative\DRIVERS\kmxagent.sys -- (KmxAgent)
DRV:64bit: - [2011/03/23 17:29:08 | 000,087,120 | ---- | M] (CA) [File_System | System | Running] -- C:\Windows\SysNative\DRIVERS\KmxFile.sys -- (KmxFile)
DRV:64bit: - [2011/02/24 15:36:46 | 000,081,488 | ---- | M] (CA) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\KmxSbx.sys -- (KmxSbx)
DRV:64bit: - [2010/07/27 11:53:07 | 003,060,800 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\bcmwl664.sys -- (BCM43XX)
DRV:64bit: - [2010/06/23 09:21:34 | 000,318,568 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)
DRV:64bit: - [2010/04/27 14:40:40 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2010/02/25 15:19:02 | 000,018,432 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV:64bit: - [2009/12/31 19:07:47 | 000,082,048 | ---- | M] (VSO Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\pcouffin64a.sys -- (Pcouffin64)
DRV:64bit: - [2009/09/30 20:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2009/07/21 14:03:34 | 001,208,320 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2009/06/03 20:43:18 | 000,486,400 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\stwrt64.sys -- (STHDA)
DRV:64bit: - [2009/06/01 14:50:52 | 000,033,160 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\point64k.sys -- (Point64)
DRV:64bit: - [2009/06/01 14:50:52 | 000,015,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\NuidFltr.sys -- (NuidFltr)
DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/01/09 15:02:08 | 000,031,744 | ---- | M] (Research in Motion Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\RimSerial_AMD64.sys -- (RimVSerPort)
DRV:64bit: - [2008/12/30 12:18:40 | 000,068,608 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\enecir.sys -- (enecir)
DRV:64bit: - [2008/10/28 09:33:30 | 008,039,808 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\igdkmd64.sys -- (igfx)
DRV:64bit: - [2008/08/18 03:11:52 | 000,013,312 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\ICDUSB3.sys -- (ICDUSB3)
DRV:64bit: - [2008/07/17 12:38:16 | 000,143,248 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\jmcr.sys -- (JMCR)
DRV:64bit: - [2008/06/04 17:55:16 | 000,129,536 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel®
DRV:64bit: - [2008/01/31 19:23:14 | 000,195,120 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2008/01/20 22:49:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\RootMdm.sys -- (ROOTMODEM)
DRV:64bit: - [2008/01/20 22:46:57 | 003,154,432 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\NETw3v64.sys -- (NETw3v64) Intel®
DRV:64bit: - [2008/01/20 22:46:55 | 000,111,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\sdbus.sys -- (sdbus)
DRV:64bit: - [2006/10/03 21:45:36 | 000,273,408 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\yk60x64.sys -- (yukonx64)
DRV - [2003/09/08 21:30:31 | 000,011,376 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysWOW64\drivers\SECDRV.SYS -- (SecDrv)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...avilion&pf=cnnb
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {2C284C26-5B06-4DFC-B46C-9D2EA294202A}
IE:64bit: - HKLM\..\SearchScopes\{2C284C26-5B06-4DFC-B46C-9D2EA294202A}: "URL" = http://search.live.c...ms}&FORM=HPNTDF
IE:64bit: - HKLM\..\SearchScopes\{3F69DA71-DC06-4D09-BEF6-BC86B2EA700C}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpl
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
IE - HKLM\..\SearchScopes,DefaultScope = {0B4A10D1-FBD6-451d-BFDA-F03252B05984}
IE - HKLM\..\SearchScopes\{0B4A10D1-FBD6-451d-BFDA-F03252B05984}: "URL" = http://slirsredirect...hromesbox-en-us
IE - HKLM\..\SearchScopes\{2C284C26-5B06-4DFC-B46C-9D2EA294202A}: "URL" = http://search.live.c...ms}&FORM=HPNTDF
IE - HKLM\..\SearchScopes\{3F69DA71-DC06-4D09-BEF6-BC86B2EA700C}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpl
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT2424309

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...avilion&pf=cnnb
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...&rlz=1I7ADFA_en
IE - HKCU\..\SearchScopes\{92a3a126-5ea4-4c39-98c5-3b17591b7014}: "URL" = http://slirsredirect...hromesbox-en-us
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;127.0.0.1:9421;

========== FireFox ==========

FF - prefs.js..browser.search.defaultthis.engineName: "LockerzAlerts Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.condui...={searchTerms}"
FF - prefs.js..browser.search.param.yahoo-fr: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-type: "${8}"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.bing.com/...GO&form=ZGAPHP"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.1.0
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.7
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29
FF - prefs.js..keyword.URL: "http://search.condui...rchSource=2&q="


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_235.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Windows\system32\TVUAx\npTVUAx.dll (TVU networks)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files (x86)\Viewpoint\Viewpoint Media Player\npViewpoint.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\[email protected]/YahooActiveXPluginBridge;version=1.0.0.1: C:\Program Files (x86)\Mozilla Firefox\plugins\npyaxmpb.dll (Yahoo! Inc.)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\SearchPredict\PRFireFox [2011/07/29 22:23:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{0329E7D6-6F54-462D-93F6-F5C3118BADF2}: C:\Program Files (x86)\SpeedBit Video Downloader\SPFireFox
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\CA\CA Internet Security Suite\CA Anti-Phishing\x86\Toolbar\Firefox [2012/01/13 16:03:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/01/17 15:55:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/06/06 21:47:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/06/06 21:47:56 | 000,000,000 | ---D | M]

[2009/12/09 22:58:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\mozilla\Extensions
[2012/05/30 16:02:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\94jd3e2x.default\extensions
[2010/04/27 15:03:46 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\94jd3e2x.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/05/30 16:02:21 | 000,000,000 | ---D | M] (BitTorrentBar Community Toolbar) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\94jd3e2x.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}
[2012/04/15 10:00:22 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\94jd3e2x.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010/12/05 14:22:46 | 000,000,000 | ---D | M] (vShare Plugin) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\94jd3e2x.default\extensions\[email protected]
[2010/06/08 11:36:50 | 000,000,929 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\94jd3e2x.default\searchplugins\conduit.xml
[2012/01/18 22:26:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/01/17 15:55:40 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES (X86)\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5
[2012/04/22 17:14:46 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/10/03 05:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2007/03/09 19:16:44 | 000,189,496 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npyaxmpb.dll
[2012/02/15 16:25:31 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/02/15 16:25:31 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/06/13 18:58:29 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (CA Anti-Phishing Toolbar Helper) - {45011CF5-E4A9-4F13-9093-F30A784EB9B2} - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Phishing\Toolbar\caIEToolbar.dll (CA, Inc.)
O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (CA Anti-Phishing Toolbar Helper) - {45011CF5-E4A9-4F13-9093-F30A784EB9B2} - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Phishing\x86\Toolbar\caIEToolbar.dll (CA, Inc.)
O3:64bit: - HKLM\..\Toolbar: (CA Anti-Phishing Toolbar) - {0123B506-0AD9-43AA-B0CF-916C122AD4C5} - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Phishing\Toolbar\caIEToolbar.dll (CA, Inc.)
O3 - HKLM\..\Toolbar: (CA Anti-Phishing Toolbar) - {0123B506-0AD9-43AA-B0CF-916C122AD4C5} - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Phishing\x86\Toolbar\caIEToolbar.dll (CA, Inc.)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (CA Anti-Phishing Toolbar) - {0123B506-0AD9-43AA-B0CF-916C122AD4C5} - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Phishing\Toolbar\caIEToolbar.dll (CA, Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (CA Anti-Phishing Toolbar) - {0123B506-0AD9-43AA-B0CF-916C122AD4C5} - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Phishing\x86\Toolbar\caIEToolbar.dll (CA, Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (SpeedBit Video Downloader) - {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - C:\Program Files (x86)\SpeedBit Video Downloader\Toolbar\tbcore3.dll File not found
O4:64bit: - HKLM..\Run: [cctray] C:\Program Files\CA\CA Internet Security Suite\casc.exe (CA, Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe (Hewlett-Packard)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [DVDAgent] C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [TVAgent] C:\Program Files (x86)\Hewlett-Packard\Media\TV\TVAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UCam_Menu] C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKCU..\Run: [ViGlance] C:\Program Files (x86)\ViGlance\ViGlance.exe (Lee-Soft.com, Lee Matthew Chantrey)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - C:\Windows\SysNative\VetRedir64.dll (Computer Associates International, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - C:\Windows\SysNative\VetRedir64.dll (Computer Associates International, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000012 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000013 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000014 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000015 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000016 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000017 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000018 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000019 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000020 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000021 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000022 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000023 - C:\Windows\SysNative\VetRedir64.dll (Computer Associates International, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysWow64\VetRedir.dll (Computer Associates International, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysWow64\VetRedir.dll (Computer Associates International, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Windows\SysWow64\VetRedir.dll (Computer Associates International, Inc.)
O15 - HKCU\..Trusted Domains: rhapsody.com ([rhap-app-4-0] https in Trusted sites)
O15 - HKCU\..Trusted Domains: rhapsody.com ([rhapreg] https in Trusted sites)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {3F4AC0C9-3A7D-4115-99B4-2693DE0014AF} http://optimum.net/d...nerXControl.ocx (TNetworkScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Value error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 167.206.245.129 167.206.245.130
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D95BBDBE-0930-4FDD-9DD2-1D31084F09AF}: DhcpNameServer = 167.206.245.129 167.206.245.130
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\vsharechrome - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\vsharechrome - No CLSID value found
O20:64bit: - AppInit_DLLs: (C:\Windows\System32\UmxSbxExA64.dll) - C:\Windows\SysNative\UmxSbxExA64.dll (CA)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20:64bit: - Winlogon\Notify\PFW: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O20:64bit: - Winlogon\Notify\WB: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O20 - Winlogon\Notify\PFW: DllName - (UmxWnp.Dll) - C:\Windows\SysWow64\UmxWNP.dll (CA)
O22:64bit: - SharedTaskScheduler: {EC654325-1273-C2A9-2B7C-45D29BCE68FB} - Deskscapes - No CLSID value found.
O24 - Desktop WallPaper: C:\Users\Owner\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Owner\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)


CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/06/14 09:25:34 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
[2012/06/13 19:16:25 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/06/13 18:58:57 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2012/06/13 18:08:30 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/06/13 18:08:30 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/06/13 18:08:30 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/06/13 17:46:54 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/06/13 17:46:54 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/06/13 12:11:34 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Owner\Desktop\aswMBR.exe
[2012/06/13 10:51:50 | 004,557,191 | R--- | C] (Swearware) -- C:\Users\Owner\Desktop\ComboFix.exe
[2012/06/13 10:30:50 | 002,127,960 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Owner\Desktop\tdsskiller.exe
[2012/06/12 22:52:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012/06/12 10:19:04 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/06/06 21:47:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2012/06/06 21:46:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2012/06/06 12:33:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Real
[2012/06/06 12:08:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Rhapsody
[2012/06/03 16:21:55 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%APPDATA%
[2012/05/28 21:55:16 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Games
[2012/05/28 21:55:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games
[1 C:\Users\Owner\Desktop\*.tmp files -> C:\Users\Owner\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/06/14 09:25:34 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
[2012/06/14 09:20:19 | 004,825,696 | ---- | M] () -- C:\Users\Owner\Desktop\Chasing The Sun- The Wanted.mp3
[2012/06/14 09:16:56 | 002,891,463 | ---- | M] () -- C:\Users\Owner\Desktop\Energia Remix- Alexis y Fido ft. Wisin y Yandel.mp3
[2012/06/14 09:14:17 | 000,703,516 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/06/14 09:14:17 | 000,604,752 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/06/14 09:14:17 | 000,104,420 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/06/14 09:08:43 | 000,000,432 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.ics
[2012/06/14 09:07:23 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/06/14 09:07:23 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/06/14 09:06:50 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/06/13 22:26:42 | 002,804,927 | ---- | M] () -- C:\Windows\SysNative\drivers\kmxcfg.u2k0
[2012/06/13 22:26:42 | 000,224,628 | ---- | M] () -- C:\Windows\SysNative\drivers\KmxAgent.asc
[2012/06/13 22:26:42 | 000,000,381 | ---- | M] () -- C:\Windows\SysNative\drivers\kmxzone.u2k0
[2012/06/13 22:26:42 | 000,000,085 | ---- | M] () -- C:\Windows\SysNative\drivers\kmxcfg.u2k7
[2012/06/13 22:26:42 | 000,000,085 | ---- | M] () -- C:\Windows\SysNative\drivers\kmxcfg.u2k6
[2012/06/13 22:26:42 | 000,000,085 | ---- | M] () -- C:\Windows\SysNative\drivers\kmxcfg.u2k5
[2012/06/13 22:26:42 | 000,000,085 | ---- | M] () -- C:\Windows\SysNative\drivers\kmxcfg.u2k4
[2012/06/13 22:26:42 | 000,000,085 | ---- | M] () -- C:\Windows\SysNative\drivers\kmxcfg.u2k3
[2012/06/13 22:26:42 | 000,000,085 | ---- | M] () -- C:\Windows\SysNative\drivers\kmxcfg.u2k2
[2012/06/13 22:26:42 | 000,000,085 | ---- | M] () -- C:\Windows\SysNative\drivers\kmxcfg.u2k1
[2012/06/13 22:26:42 | 000,000,049 | ---- | M] () -- C:\Windows\SysNative\drivers\kmxzone.u2k7
[2012/06/13 22:26:42 | 000,000,049 | ---- | M] () -- C:\Windows\SysNative\drivers\kmxzone.u2k6
[2012/06/13 22:26:42 | 000,000,049 | ---- | M] () -- C:\Windows\SysNative\drivers\kmxzone.u2k5
[2012/06/13 22:26:42 | 000,000,049 | ---- | M] () -- C:\Windows\SysNative\drivers\kmxzone.u2k4
[2012/06/13 22:26:42 | 000,000,049 | ---- | M] () -- C:\Windows\SysNative\drivers\kmxzone.u2k3
[2012/06/13 22:26:42 | 000,000,049 | ---- | M] () -- C:\Windows\SysNative\drivers\kmxzone.u2k2
[2012/06/13 22:26:42 | 000,000,049 | ---- | M] () -- C:\Windows\SysNative\drivers\kmxzone.u2k1
[2012/06/13 22:26:29 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012/06/13 22:06:15 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/06/13 19:58:51 | 000,000,547 | ---- | M] () -- C:\Users\Owner\Desktop\MBR.zip
[2012/06/13 19:58:28 | 000,000,512 | ---- | M] () -- C:\Users\Owner\Desktop\MBR.dat
[2012/06/13 18:58:29 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/06/13 18:03:32 | 004,557,191 | R--- | M] (Swearware) -- C:\Users\Owner\Desktop\ComboFix.exe
[2012/06/13 18:00:00 | 000,000,466 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Registration.job
[2012/06/13 17:34:06 | 005,086,696 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/06/13 12:11:46 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Owner\Desktop\aswMBR.exe
[2012/06/13 10:53:56 | 000,031,744 | ---- | M] () -- C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/06/13 10:31:05 | 002,127,960 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Owner\Desktop\tdsskiller.exe
[2012/06/10 19:10:44 | 000,001,460 | ---- | M] () -- C:\Users\Owner\AppData\Local\d3d9caps64.dat
[2012/06/06 12:40:08 | 000,870,128 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\mcs.rma
[2012/05/23 11:27:07 | 000,000,334 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForOwner.job
[1 C:\Users\Owner\Desktop\*.tmp files -> C:\Users\Owner\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/06/14 09:20:19 | 004,825,696 | ---- | C] () -- C:\Users\Owner\Desktop\Chasing The Sun- The Wanted.mp3
[2012/06/14 09:16:55 | 002,891,463 | ---- | C] () -- C:\Users\Owner\Desktop\Energia Remix- Alexis y Fido ft. Wisin y Yandel.mp3
[2012/06/13 19:58:51 | 000,000,547 | ---- | C] () -- C:\Users\Owner\Desktop\MBR.zip
[2012/06/13 19:58:28 | 000,000,512 | ---- | C] () -- C:\Users\Owner\Desktop\MBR.dat
[2012/06/13 18:08:30 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/06/13 18:08:30 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/06/13 18:08:30 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/06/13 18:08:30 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/06/13 18:08:30 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/06/12 21:16:36 | 000,232,960 | ---- | C] () -- C:\Windows\Installer\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\U\[email protected]
[2012/06/10 21:23:58 | 000,016,896 | ---- | C] () -- C:\Windows\Installer\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\U\[email protected]
[2012/06/06 12:34:16 | 000,870,128 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\mcs.rma
[2012/06/03 16:10:35 | 000,000,773 | ---- | C] () -- C:\Windows\Installer\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\L\[email protected]
[2012/06/03 16:10:34 | 000,093,696 | ---- | C] () -- C:\Windows\Installer\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\U\[email protected]
[2012/06/03 16:10:34 | 000,076,800 | ---- | C] () -- C:\Windows\Installer\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\U\[email protected]
[2012/06/03 16:10:33 | 000,002,048 | ---- | C] () -- C:\Windows\Installer\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\U\[email protected]
[2012/06/03 16:10:33 | 000,001,584 | ---- | C] () -- C:\Windows\Installer\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\U\[email protected]
[2012/03/26 11:09:50 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\CommonDL.dll
[2012/03/26 11:09:50 | 000,002,413 | ---- | C] () -- C:\Windows\SysWow64\lgAxconfig.ini
[2012/03/21 17:07:04 | 000,038,429 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\Comma Separated Values (Windows).ADR
[2012/01/13 16:05:36 | 001,422,672 | ---- | C] () -- C:\Windows\SysWow64\cfgmig32.dll
[2012/01/13 16:05:36 | 000,263,504 | ---- | C] () -- C:\Windows\SysWow64\cfgmig32.exe
[2012/01/13 16:03:18 | 004,108,304 | ---- | C] () -- C:\Windows\SysWow64\win32cpr.dll
[2012/01/13 16:03:18 | 003,207,184 | ---- | C] () -- C:\Windows\SysWow64\mdmcls32.exe
[2012/01/13 16:03:18 | 002,760,720 | ---- | C] () -- C:\Windows\SysWow64\svcprs32.exe
[2012/01/13 16:03:18 | 001,744,912 | ---- | C] () -- C:\Windows\SysWow64\winsflt.dll
[2012/01/13 16:03:18 | 000,098,320 | ---- | C] () -- C:\Windows\SysWow64\winsfinst.exe
[2012/01/11 19:10:38 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\@
[2012/01/11 19:10:38 | 000,002,048 | -HS- | C] () -- C:\Users\Owner\AppData\Local\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\@
[2011/09/28 18:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011/06/08 15:46:59 | 011,794,135 | ---- | C] () -- C:\Users\Owner\AppData\Local\ssaptn.185
[2011/05/30 18:22:21 | 011,792,676 | ---- | C] () -- C:\Users\Owner\AppData\Local\ssaptn.183
[2011/05/30 18:22:19 | 169,062,057 | ---- | C] () -- C:\Users\Owner\AppData\Local\lpt$vpn.191
[2011/05/24 13:59:39 | 170,535,081 | ---- | C] () -- C:\Users\Owner\AppData\Local\lpt$vpn.177
[2011/05/23 14:39:18 | 011,791,036 | ---- | C] () -- C:\Users\Owner\AppData\Local\ssaptn.179
[2011/05/23 14:39:16 | 171,126,441 | ---- | C] () -- C:\Users\Owner\AppData\Local\lpt$vpn.173
[2011/01/29 14:13:25 | 000,118,784 | ---- | C] () -- C:\Windows\SysWow64\mp3dec.dll
[2011/01/29 14:13:25 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\dsp_trc.dll
[2011/01/29 14:13:25 | 000,005,120 | ---- | C] () -- C:\Windows\SysWow64\IcdSptSvps.dll
[2011/01/25 21:21:19 | 000,721,764 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/12/20 20:13:55 | 000,839,680 | ---- | C] () -- C:\Windows\SysWow64\FDRpage.dll
[2010/12/20 20:13:43 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\CreateDir.exe

========== LOP Check ==========

[2009/12/01 15:21:04 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\5400 Series
[2009/06/28 17:12:23 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\acccore
[2010/09/29 21:24:27 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/02/01 13:09:06 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/04/07 20:56:20 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\IObit
[2012/03/05 12:09:48 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\ooVoo Details
[2011/03/23 15:15:55 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Opera
[2009/07/15 22:40:47 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\PeerNetworking
[2011/11/16 20:21:13 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Rovio
[2010/12/01 22:40:34 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\SeriousBit
[2009/12/04 13:09:24 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Stardock
[2009/06/28 17:05:03 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Template
[2011/02/17 17:23:19 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\ViGlance
[2009/07/09 08:30:57 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\WildTangent
[2010/01/05 18:43:24 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\WinBatch
[2010/10/21 21:39:17 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Windows Live Writer
[2010/04/07 20:32:37 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\WindSolutions
[2012/06/13 18:00:00 | 000,000,466 | ---- | M] () -- C:\Windows\Tasks\ParetoLogic Registration.job
[2012/06/13 22:26:29 | 000,032,622 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< MD5 for: EXPLORER.EXE >
[2009/05/25 18:59:41 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_b5f700fe698beb14\explorer.exe
[2009/05/25 18:59:40 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_b7eb106e66a7ac19\explorer.exe
[2009/05/25 18:59:41 | 003,087,360 | ---- | M] (Microsoft Corporation) MD5=50514057C28A74BAC2BD04B7B990D615 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_aba256ac352b2919\explorer.exe
[2009/05/25 18:59:40 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_b8583e9d7fda0512\explorer.exe
[2009/04/11 03:10:17 | 003,079,168 | ---- | M] (Microsoft Corporation) MD5=6B08E54A451B3F95E4109DBA7E594270 -- C:\Windows\ERDNT\cache86\explorer.exe
[2009/04/11 03:10:17 | 003,079,168 | ---- | M] (Microsoft Corporation) MD5=6B08E54A451B3F95E4109DBA7E594270 -- C:\Windows\explorer.exe
[2009/04/11 03:10:17 | 003,079,168 | ---- | M] (Microsoft Corporation) MD5=6B08E54A451B3F95E4109DBA7E594270 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_afbebba22f3bab41\explorer.exe
[2009/05/25 18:59:40 | 003,086,848 | ---- | M] (Microsoft Corporation) MD5=72B9990E45C25AA3C75C4FB50A9D6CE0 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_ac5266dd4e2b0a41\explorer.exe
[2009/05/25 18:59:40 | 003,080,704 | ---- | M] (Microsoft Corporation) MD5=BBD8E74F23D7605CB0CDB57A1B25D826 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_ad96661c3246ea1e\explorer.exe
[2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\SysWOW64\explorer.exe
[2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_ba1365f4639c6d3c\explorer.exe
[2009/05/25 18:59:40 | 003,081,216 | ---- | M] (Microsoft Corporation) MD5=E404A65EF890140410E9F3D405841C95 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_ae03944b4b794317\explorer.exe
[2009/05/25 18:59:40 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_b6a7112f828bcc3c\explorer.exe
[2008/01/20 22:48:44 | 003,080,704 | ---- | M] (Microsoft Corporation) MD5=F6D765FB6B457542D954682F50C26E4F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_add342963219dff5\explorer.exe
[2008/01/20 22:49:23 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_b827ece8667aa1f0\explorer.exe

< MD5 for: SHSVCS.DLL >
[2010/01/14 13:58:22 | 000,301,568 | ---- | M] (Microsoft Corporation) MD5=21D8F71E022F52BB2E94BD3947BFE7AB -- C:\Windows\SysNative\shsvcs.dll
[2008/01/20 22:48:23 | 000,247,296 | ---- | M] (Microsoft Corporation) MD5=27F10F348E508243F6254846F8370D0D -- C:\Windows\winsxs\x86_microsoft-windows-shsvcs_31bf3856ad364e35_6.0.6001.18000_none_cd305d2a1ced96e2\shsvcs.dll
[2009/04/11 03:11:24 | 000,301,568 | ---- | M] (Microsoft Corporation) MD5=2AD15758174DCC7993FF3C00A955DD66 -- C:\Windows\winsxs\amd64_microsoft-windows-shsvcs_31bf3856ad364e35_6.0.6002.18005_none_2b3a71b9d26cd364\shsvcs.dll
[2009/04/11 02:28:24 | 000,247,296 | ---- | M] (Microsoft Corporation) MD5=C818C44C201898399BF999BB6B35D4E3 -- C:\Windows\ERDNT\cache86\shsvcs.dll
[2009/04/11 02:28:24 | 000,247,296 | ---- | M] (Microsoft Corporation) MD5=C818C44C201898399BF999BB6B35D4E3 -- C:\Windows\SysWOW64\shsvcs.dll
[2009/04/11 02:28:24 | 000,247,296 | ---- | M] (Microsoft Corporation) MD5=C818C44C201898399BF999BB6B35D4E3 -- C:\Windows\winsxs\x86_microsoft-windows-shsvcs_31bf3856ad364e35_6.0.6002.18005_none_cf1bd6361a0f622e\shsvcs.dll
[2008/01/20 22:50:39 | 000,301,568 | ---- | M] (Microsoft Corporation) MD5=EB3114330236CF030E8EDF62881BAF67 -- C:\Windows\winsxs\amd64_microsoft-windows-shsvcs_31bf3856ad364e35_6.0.6001.18000_none_294ef8add54b0818\shsvcs.dll

< MD5 for: SHSVCS.DLL.MUI >
[2006/11/02 11:13:45 | 000,002,560 | ---- | M] (Microsoft Corporation) MD5=7178DE66596A1179CCF8188687C86D3A -- C:\Windows\SysNative\en-US\shsvcs.dll.mui
[2006/11/02 11:13:45 | 000,002,560 | ---- | M] (Microsoft Corporation) MD5=7178DE66596A1179CCF8188687C86D3A -- C:\Windows\winsxs\amd64_microsoft-windows-shsvcs.resources_31bf3856ad364e35_6.0.6000.16386_en-us_f1d42c109bbac26b\shsvcs.dll.mui
[2006/11/02 11:13:57 | 000,003,072 | ---- | M] (Microsoft Corporation) MD5=B9555129049D183062608BC5C629841B -- C:\Windows\SysWOW64\en-US\shsvcs.dll.mui
[2006/11/02 11:13:57 | 000,003,072 | ---- | M] (Microsoft Corporation) MD5=B9555129049D183062608BC5C629841B -- C:\Windows\winsxs\x86_microsoft-windows-shsvcs.resources_31bf3856ad364e35_6.0.6000.16386_en-us_95b5908ce35d5135\shsvcs.dll.mui

< MD5 for: SHSVCS.DLL.VGORG >
[2009/04/11 03:11:24 | 000,301,568 | ---- | M] (Microsoft Corporation) MD5=2AD15758174DCC7993FF3C00A955DD66 -- C:\Windows\SysNative\shsvcs.dll.vgorg

< MD5 for: SVCHOST.EXE >
[2008/01/20 22:48:05 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\ERDNT\cache86\svchost.exe
[2008/01/20 22:48:05 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\SysWOW64\svchost.exe
[2008/01/20 22:48:05 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe
[2008/01/20 22:50:24 | 000,027,648 | ---- | M] (Microsoft Corporation) MD5=CDA9F1373805AF88F6FA4F2064BBA24D -- C:\Windows\ERDNT\cache64\svchost.exe
[2008/01/20 22:50:24 | 000,027,648 | ---- | M] (Microsoft Corporation) MD5=CDA9F1373805AF88F6FA4F2064BBA24D -- C:\Windows\SysNative\svchost.exe
[2008/01/20 22:50:24 | 000,027,648 | ---- | M] (Microsoft Corporation) MD5=CDA9F1373805AF88F6FA4F2064BBA24D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_11d9f524bdab2f1b\svchost.exe

< MD5 for: USERINIT.EXE >
[2008/01/20 22:50:36 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\ERDNT\cache86\userinit.exe
[2008/01/20 22:50:36 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\SysWOW64\userinit.exe
[2008/01/20 22:50:36 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2008/01/20 22:49:46 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\ERDNT\cache64\userinit.exe
[2008/01/20 22:49:46 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\SysNative\userinit.exe
[2008/01/20 22:49:46 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_384755998a0d6941\userinit.exe

< MD5 for: WINLOGON.EXE >
[2009/04/11 03:11:08 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\ERDNT\cache64\winlogon.exe
[2009/04/11 03:11:08 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\SysNative\winlogon.exe
[2009/04/11 03:11:08 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_cdcd15a68a70b877\winlogon.exe
[2008/01/20 22:49:47 | 000,406,016 | ---- | M] (Microsoft Corporation) MD5=856491FCED98093D824B9EB2892F564A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_cbe19c9a8d4eed2b\winlogon.exe
[2009/04/11 02:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\SysWOW64\winlogon.exe
[2009/04/11 02:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008/01/20 22:50:38 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

< %systemroot%\*. /mp /s >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/04/22 17:14:45 | 000,834,712 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/04/22 17:14:45 | 000,834,712 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/04/22 17:14:45 | 000,834,712 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files (x86)\Mozilla Firefox\firefox.exe [2012/04/22 17:14:46 | 000,924,600 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -preferences [2012/04/22 17:14:46 | 000,924,600 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -safe-mode [2012/04/22 17:14:46 | 000,924,600 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\SysWOW64\ie4uinit.exe" -hide [2011/04/05 14:04:02 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\SysWOW64\ie4uinit.exe" -show [2011/04/05 14:04:02 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\SysWOW64\ie4uinit.exe" -reinstall [2011/04/05 14:04:02 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -extoff [2012/05/17 19:21:54 | 000,748,664 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" [2012/05/17 19:21:54 | 000,748,664 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -HIDE [2011/04/05 14:03:50 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -SHOW [2011/04/05 14:03:50 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -REINSTALL [2011/04/05 14:03:50 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE" -EXTOFF [2012/05/17 19:21:54 | 000,748,664 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE" [2012/05/17 19:21:54 | 000,748,664 | ---- | M] (Microsoft Corporation)

< End of report >
  • 0

#20
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
I see that we still have work to do. There are still infection on your system.

Step 1

NOTE: This fix is custom made for this system only and for current system state! Don't try to run it on another system!

Please close all running programs and Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;127.0.0.1:9421;
    [2012/06/13 22:26:42 | 002,804,927 | ---- | M] () -- C:\Windows\SysNative\drivers\kmxcfg.u2k0
    [2012/06/13 22:26:42 | 000,224,628 | ---- | M] () -- C:\Windows\SysNative\drivers\KmxAgent.asc
    [2012/06/13 22:26:42 | 000,000,381 | ---- | M] () -- C:\Windows\SysNative\drivers\kmxzone.u2k0
    [2012/06/13 22:26:42 | 000,000,085 | ---- | M] () -- C:\Windows\SysNative\drivers\kmxcfg.u2k7
    [2012/06/13 22:26:42 | 000,000,085 | ---- | M] () -- C:\Windows\SysNative\drivers\kmxcfg.u2k6
    [2012/06/13 22:26:42 | 000,000,085 | ---- | M] () -- C:\Windows\SysNative\drivers\kmxcfg.u2k5
    [2012/06/13 22:26:42 | 000,000,085 | ---- | M] () -- C:\Windows\SysNative\drivers\kmxcfg.u2k4
    [2012/06/13 22:26:42 | 000,000,085 | ---- | M] () -- C:\Windows\SysNative\drivers\kmxcfg.u2k3
    [2012/06/13 22:26:42 | 000,000,085 | ---- | M] () -- C:\Windows\SysNative\drivers\kmxcfg.u2k2
    [2012/06/13 22:26:42 | 000,000,085 | ---- | M] () -- C:\Windows\SysNative\drivers\kmxcfg.u2k1
    [2012/06/13 22:26:42 | 000,000,049 | ---- | M] () -- C:\Windows\SysNative\drivers\kmxzone.u2k7
    [2012/06/13 22:26:42 | 000,000,049 | ---- | M] () -- C:\Windows\SysNative\drivers\kmxzone.u2k6
    [2012/06/13 22:26:42 | 000,000,049 | ---- | M] () -- C:\Windows\SysNative\drivers\kmxzone.u2k5
    [2012/06/13 22:26:42 | 000,000,049 | ---- | M] () -- C:\Windows\SysNative\drivers\kmxzone.u2k4
    [2012/06/13 22:26:42 | 000,000,049 | ---- | M] () -- C:\Windows\SysNative\drivers\kmxzone.u2k3
    [2012/06/13 22:26:42 | 000,000,049 | ---- | M] () -- C:\Windows\SysNative\drivers\kmxzone.u2k2
    [2012/06/13 22:26:42 | 000,000,049 | ---- | M] () -- C:\Windows\SysNative\drivers\kmxzone.u2k1
    [2012/06/12 21:16:36 | 000,232,960 | ---- | C] () -- C:\Windows\Installer\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\U\[email protected]
    [2012/06/10 21:23:58 | 000,016,896 | ---- | C] () -- C:\Windows\Installer\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\U\[email protected]
    [2012/06/06 12:34:16 | 000,870,128 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\mcs.rma
    [2012/06/03 16:10:35 | 000,000,773 | ---- | C] () -- C:\Windows\Installer\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\L\[email protected]
    [2012/06/03 16:10:34 | 000,093,696 | ---- | C] () -- C:\Windows\Installer\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\U\[email protected]
    [2012/06/03 16:10:34 | 000,076,800 | ---- | C] () -- C:\Windows\Installer\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\U\[email protected]
    [2012/06/03 16:10:33 | 000,002,048 | ---- | C] () -- C:\Windows\Installer\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\U\[email protected]
    [2012/06/03 16:10:33 | 000,001,584 | ---- | C] () -- C:\Windows\Installer\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\U\[email protected]
    [2012/01/11 19:10:38 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\@
    [2012/01/11 19:10:38 | 000,002,048 | -HS- | C] () -- C:\Users\Owner\AppData\Local\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\@
    [2011/06/08 15:46:59 | 011,794,135 | ---- | C] () -- C:\Users\Owner\AppData\Local\ssaptn.185
    [2011/05/30 18:22:21 | 011,792,676 | ---- | C] () -- C:\Users\Owner\AppData\Local\ssaptn.183
    [2011/05/30 18:22:19 | 169,062,057 | ---- | C] () -- C:\Users\Owner\AppData\Local\lpt$vpn.191
    [2011/05/24 13:59:39 | 170,535,081 | ---- | C] () -- C:\Users\Owner\AppData\Local\lpt$vpn.177
    [2011/05/23 14:39:18 | 011,791,036 | ---- | C] () -- C:\Users\Owner\AppData\Local\ssaptn.179
    [2011/05/23 14:39:16 | 171,126,441 | ---- | C] () -- C:\Users\Owner\AppData\Local\lpt$vpn.173

    :Files
    ipconfig /flushdns /c
    C:\Windows\SysNative\shsvcs.dll|C:\Windows\winsxs\x86_microsoft-windows-shsvcs_31bf3856ad364e35_6.0.6001.18000_none_cd305d2a1ced96e2\shsvcs.dll /replace

    :Commands
    [purity]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post the fix log it produces in your next reply or you can find it in C:\_OTL\MovedFiles
Step 2

Download Virus Removal Tool from Here to your desktop

Run the programme you have just downloaded to your desktop (it will be randomly named )

First we will run a virus scan

Click the cog in the upper right
Posted Image


Select down to and including your main drive, once done select the Automatic scan tab and press Start Scan
Posted Image

Allow Virus Removal Tool to delete all infections found
Once it has finished select report tab (last tab)
Select Detected threads report from the left and press Save button
Save it to your desktop and attach to your next post


Step 3

Please don't forget to include these items in your reply:

  • OTL fix log
  • VRT log
It would be helpful if you could post each log in separate post using "Add Reply" button
  • 0

#21
bigchris

bigchris

    Member

  • Topic Starter
  • Member
  • PipPip
  • 59 posts
1) It rebooted fast is that normal ? And heres the log

========== OTL ==========
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
C:\Windows\SysNative\drivers\kmxcfg.u2k0 moved successfully.
C:\Windows\SysNative\drivers\KmxAgent.asc moved successfully.
C:\Windows\SysNative\drivers\kmxzone.u2k0 moved successfully.
C:\Windows\SysNative\drivers\kmxcfg.u2k7 moved successfully.
C:\Windows\SysNative\drivers\kmxcfg.u2k6 moved successfully.
C:\Windows\SysNative\drivers\kmxcfg.u2k5 moved successfully.
C:\Windows\SysNative\drivers\kmxcfg.u2k4 moved successfully.
C:\Windows\SysNative\drivers\kmxcfg.u2k3 moved successfully.
C:\Windows\SysNative\drivers\kmxcfg.u2k2 moved successfully.
C:\Windows\SysNative\drivers\kmxcfg.u2k1 moved successfully.
C:\Windows\SysNative\drivers\kmxzone.u2k7 moved successfully.
C:\Windows\SysNative\drivers\kmxzone.u2k6 moved successfully.
C:\Windows\SysNative\drivers\kmxzone.u2k5 moved successfully.
C:\Windows\SysNative\drivers\kmxzone.u2k4 moved successfully.
C:\Windows\SysNative\drivers\kmxzone.u2k3 moved successfully.
C:\Windows\SysNative\drivers\kmxzone.u2k2 moved successfully.
C:\Windows\SysNative\drivers\kmxzone.u2k1 moved successfully.
C:\Windows\Installer\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\U\[email protected] moved successfully.
C:\Windows\Installer\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\U\[email protected] moved successfully.
C:\Users\Owner\AppData\Roaming\mcs.rma moved successfully.
C:\Windows\Installer\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\L\[email protected] moved successfully.
C:\Windows\Installer\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\U\[email protected] moved successfully.
C:\Windows\Installer\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\U\[email protected] moved successfully.
C:\Windows\Installer\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\U\[email protected] moved successfully.
C:\Windows\Installer\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\U\[email protected] moved successfully.
C:\Windows\Installer\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\@ moved successfully.
C:\Users\Owner\AppData\Local\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\@ moved successfully.
C:\Users\Owner\AppData\Local\ssaptn.185 moved successfully.
C:\Users\Owner\AppData\Local\ssaptn.183 moved successfully.
C:\Users\Owner\AppData\Local\lpt$vpn.191 moved successfully.
C:\Users\Owner\AppData\Local\lpt$vpn.177 moved successfully.
C:\Users\Owner\AppData\Local\ssaptn.179 moved successfully.
C:\Users\Owner\AppData\Local\lpt$vpn.173 moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Owner\Desktop\cmd.bat deleted successfully.
C:\Users\Owner\Desktop\cmd.txt deleted successfully.
Unable to replace file: C:\Windows\SysNative\shsvcs.dll with C:\Windows\winsxs\x86_microsoft-windows-shsvcs_31bf3856ad364e35_6.0.6001.18000_none_cd305d2a1ced96e2\shsvcs.dll without a reboot.
========== COMMANDS ==========

OTL by OldTimer - Version 3.2.48.0 log created on 06142012_212039

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
  • 0

#22
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
OTL did good job so everything is good for now. Do VRT scan and post log after it.
  • 0

#23
bigchris

bigchris

    Member

  • Topic Starter
  • Member
  • PipPip
  • 59 posts
Okay will do its just scanning Im in 55% only going to post it when it finishes okay. Thanks alot!!!
  • 0

#24
bigchris

bigchris

    Member

  • Topic Starter
  • Member
  • PipPip
  • 59 posts
2) There it finally finished scanning here Im posting what you told me to. Hope everything is fine now :)

Status: Deleted (events: 2)
6/14/2012 10:18:53 PM Deleted Trojan program HEUR:Backdoor.Win64.Generic C:\Documents and Settings\Owner\AppData\Local\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\n High
6/15/2012 8:54:39 AM Deleted Trojan program HEUR:Trojan.Script.Generic C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4UZX392S\births[1].htm High
Status: Disinfected (events: 2)
6/14/2012 10:14:16 PM Disinfected Trojan program Exploit.Java.CVE-2011-3544.it C:\Documents and Settings\Owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30\937131e-5e3c4ba6 High
6/14/2012 10:14:16 PM Disinfected Trojan program Exploit.Java.CVE-2011-3544.it C:\Documents and Settings\Owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30\937131e-5e3c4ba6/Applet.class High
  • 0

#25
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
We need to replace one system file too.

1. Please download The Avenger by Swandog46 to your Desktop.
  • Right click on the Avenger.zip folder and select "Extract All..."
  • Follow the prompts and extract the avenger folder to your desktop
2. Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):

Files to move:
C:\Windows\winsxs\x86_microsoft-windows-shsvcs_31bf3856ad364e35_6.0.6001.18000_none_cd305d2a1ced96e2\shsvcs.dll | C:\Windows\SysNative\shsvcs.dll

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.


3. Now, open the avenger folder and start The Avenger program by clicking on its icon.
  • Right click on the window under Input script here:, and select Paste.
  • You can also click on this window and press (Ctrl+V) to paste the contents of the clipboard.
  • Click on Execute
  • Answer "Yes" twice when prompted.
4. The Avenger will automatically do the following:
  • It will Restart your computer. ( In cases where the code to execute contains "Drivers to Delete", The Avenger will actually restart your system twice.)
  • On reboot, it will briefly open a black command window on your desktop, this is normal.
  • After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
  • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
5. Please copy/paste the content of c:\avenger.txt into your reply.
  • 0

Advertisements


#26
bigchris

bigchris

    Member

  • Topic Starter
  • Member
  • PipPip
  • 59 posts
For some reason is says window doest let me extract and its just an blank folder and im keep getting from my antivirus alert of a malware infection ? Why and what do i do now ?
  • 0

#27
bigchris

bigchris

    Member

  • Topic Starter
  • Member
  • PipPip
  • 59 posts
Each time I download something my antivirus scans it and it says they found it was a threat and deletes the folder ?
  • 0

#28
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Please restart your system once. We will try Combofix so you need to disable your antivirus as you did first time.

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

File::

Folder::

FCopy::
C:\Windows\winsxs\x86_microsoft-windows-shsvcs_31bf3856ad364e35_6.0.6001.18000_none_cd305d2a1ced96e2\shsvcs.dll | C:\Windows\SysNative\shsvcs.dll


Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.
  • 0

#29
bigchris

bigchris

    Member

  • Topic Starter
  • Member
  • PipPip
  • 59 posts
Okay will do right now asap thanks for responding quick :) brb
  • 0

#30
bigchris

bigchris

    Member

  • Topic Starter
  • Member
  • PipPip
  • 59 posts
Here it is I did what you asked me to do hopefully everything now is good :). Thanks


ComboFix 12-06-15.06 - Owner 06/15/2012 16:30:23.2.2 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3998.2186 [GMT -4:00]
Running from: c:\users\Owner\Desktop\ComboFix.exe
Command switches used :: c:\users\Owner\Desktop\CFScript.txt
AV: CA Anti-Virus Plus *Disabled/Updated* {57B5C44D-AAB5-DBC9-741B-542BE5A132EA}
FW: CA Personal Firewall *Disabled* {6F8E4568-E0DA-DA91-5F44-FD1E1B727591}
SP: CA Anti-Virus Plus *Disabled/Updated* {ECD425A9-8C8F-D447-4EAB-6F599E267857}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
/wow section - STAGE 4
Access is denied.
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\drivers\etc\hosts.ics
.
.
--------------- FCopy ---------------
.
c:\windows\winsxs\x86_microsoft-windows-shsvcs_31bf3856ad364e35_6.0.6001.18000_none_cd305d2a1ced96e2\shsvcs.dll --> c:\windows\system32\shsvcs.dll
.
((((((((((((((((((((((((( Files Created from 2012-05-15 to 2012-06-15 )))))))))))))))))))))))))))))))
.
.
2012-06-15 20:55 . 2012-06-15 20:55 -------- d-----w- c:\users\Rosario\AppData\Local\temp
2012-06-15 20:55 . 2012-06-15 20:55 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-15 20:19 . 2012-06-15 20:19 16712 ----a-w- c:\windows\system32\drivers\PROCEXP113.SYS
2012-06-15 01:31 . 2012-06-15 01:31 -------- d-----w- c:\programdata\Kaspersky Lab
2012-06-15 01:20 . 2012-06-15 01:20 -------- dc----w- C:\_OTL
2012-06-14 13:51 . 2012-06-14 13:51 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{16C9AF7D-91E3-4F0E-9B1D-5F73DD6C6F68}\offreg.dll
2012-06-14 13:24 . 2012-05-08 17:02 8955792 ------w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{16C9AF7D-91E3-4F0E-9B1D-5F73DD6C6F68}\mpengine.dll
2012-06-13 21:23 . 2012-05-18 02:02 887296 ----a-w- c:\program files\Internet Explorer\iedvtool.dll
2012-06-13 21:23 . 2012-05-18 02:01 499200 ----a-w- c:\program files\Internet Explorer\jsdbgui.dll
2012-06-13 21:23 . 2012-05-17 22:38 678912 ----a-w- c:\program files (x86)\Internet Explorer\iedvtool.dll
2012-06-13 21:23 . 2012-05-17 22:37 387584 ----a-w- c:\program files (x86)\Internet Explorer\jsdbgui.dll
2012-06-13 19:52 . 2012-05-01 14:29 209920 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-06-13 19:52 . 2012-05-15 20:15 2767360 ----a-w- c:\windows\system32\win32k.sys
2012-06-13 19:51 . 2012-04-23 16:25 1267200 ----a-w- c:\windows\system32\crypt32.dll
2012-06-13 19:51 . 2012-04-23 16:00 984064 ----a-w- c:\windows\SysWow64\crypt32.dll
2012-06-13 19:51 . 2012-04-23 16:25 174592 ----a-w- c:\windows\system32\cryptsvc.dll
2012-06-13 19:51 . 2012-04-23 16:25 132096 ----a-w- c:\windows\system32\cryptnet.dll
2012-06-13 19:51 . 2012-04-23 16:00 98304 ----a-w- c:\windows\SysWow64\cryptnet.dll
2012-06-13 19:51 . 2012-04-23 16:00 133120 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2012-06-13 02:52 . 2012-06-13 02:52 -------- d-----w- c:\program files (x86)\ESET
2012-06-12 14:19 . 2012-06-12 14:19 -------- dc----w- C:\TDSSKiller_Quarantine
2012-06-06 16:33 . 2012-06-06 16:33 -------- d-----w- c:\program files (x86)\Common Files\Real
2012-06-06 16:08 . 2002-11-12 16:22 569397 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\RichFX\Player\nprfxins.dll
2012-06-06 16:08 . 2012-06-12 01:47 -------- d-----w- c:\program files (x86)\Rhapsody
2012-06-03 20:21 . 2012-06-03 20:21 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-11 17:28 . 2012-04-04 22:40 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-06-11 17:28 . 2012-01-17 19:42 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-06 03:06 . 2012-04-04 23:06 8744608 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-05-03 02:55 . 2012-05-03 02:55 28056 ----a-w- c:\windows\system32\xfcodec64.dll
2012-04-19 00:56 . 2012-04-19 00:56 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
2012-04-19 00:56 . 2012-04-19 00:56 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
2012-04-03 08:22 . 2012-05-13 14:05 4699520 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-30 12:45 . 2012-05-13 14:07 1422720 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-03-29 14:22 . 2012-05-13 14:07 40448 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2012-03-20 23:34 . 2012-05-13 14:06 72576 ----a-w- c:\windows\system32\drivers\partmgr.sys
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2010-01-14 . 21D8F71E022F52BB2E94BD3947BFE7AB . 301568 . . [6.0.6000.16386] .. c:\windows\system32\shsvcs.dll
.
((((((((((((((((((((((((((((( [email protected]_22.59.27 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-06-28 03:18 . 2012-06-15 21:00 26546 c:\windows\system32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-238594755-956103800-1557970134-1000_UserData.bin
+ 2009-06-28 03:18 . 2012-06-15 21:00 26546 c:\windows\system32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-238594755-956103800-1557970134-1000_UserData.bin
- 2009-05-25 23:11 . 2012-06-13 21:59 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-05-25 23:11 . 2012-06-15 02:30 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-05-25 23:11 . 2012-06-15 02:30 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2012-06-14 00:28 . 2012-06-14 00:28 54784 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.DynamicD#\45cea41d795fbfd7e085a8ad6671b7c8\System.Web.DynamicData.Design.ni.dll
+ 2012-06-14 00:08 . 2012-06-14 00:08 61440 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLiveWriter\049e3678413f406a0beca6d54c317ac9\WindowsLiveWriter.ni.exe
+ 2012-06-14 00:12 . 2012-06-14 00:12 36864 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\3e2877309499e4ab661dc95252da9e39\System.Web.DynamicData.Design.ni.dll
- 2012-06-13 22:57 . 2012-06-13 22:57 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-06-15 20:58 . 2012-06-15 20:58 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-06-15 20:58 . 2012-06-15 20:58 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-06-13 22:57 . 2012-06-13 22:57 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2008-01-21 03:20 . 2012-06-15 14:42 376832 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-01-21 03:20 . 2012-06-13 21:25 376832 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-01-21 02:23 . 2012-06-15 21:00 113326 c:\windows\system32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-01-21 02:23 . 2012-06-15 21:00 113326 c:\windows\system32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 15:45 . 2012-06-15 21:00 124138 c:\windows\system32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 15:45 . 2012-06-15 21:00 124138 c:\windows\system32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 12:46 . 2012-06-15 20:03 607694 c:\windows\system32\perfh009.dat
+ 2006-11-02 12:46 . 2012-06-15 20:03 607694 c:\windows\system32\perfh009.dat
+ 2006-11-02 12:46 . 2012-06-15 20:03 105302 c:\windows\system32\perfc009.dat
+ 2006-11-02 12:46 . 2012-06-15 20:03 105302 c:\windows\system32\perfc009.dat
+ 2010-10-22 01:43 . 2012-06-15 20:56 525664 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2010-10-22 01:43 . 2012-06-13 22:55 525664 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2012-06-15 14:38 . 2012-06-15 14:38 188416 c:\windows\Installer\29ad441.msi
+ 2012-06-14 00:34 . 2012-06-14 00:34 337408 c:\windows\assembly\NativeImages_v4.0.30319_64\WindowsFormsIntegra#\08becdcc9bd647c4e4d07ceea7fe4895\WindowsFormsIntegration.ni.dll
+ 2012-06-14 00:34 . 2012-06-14 00:34 281088 c:\windows\assembly\NativeImages_v4.0.30319_64\System.ServiceProce#\ca5505a49a075ee7ad2535f89d9ea992\System.ServiceProcess.ni.dll
+ 2012-06-14 00:33 . 2012-06-14 00:33 781824 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Messaging\0d8257087be3e57b071d1d5ccd705c2f\System.Messaging.ni.dll
+ 2012-06-14 00:33 . 2012-06-14 00:33 181760 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Configuratio#\52792a7ce63196551c29f5201562c1ae\System.Configuration.Install.ni.dll
+ 2012-06-14 00:29 . 2012-06-14 00:29 422912 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.VisualBas#\097137b03ff37196b4b8ba62db34d64a\Microsoft.VisualBasic.Compatibility.Data.ni.dll
+ 2012-06-14 00:28 . 2012-06-14 00:28 253952 c:\windows\assembly\NativeImages_v4.0.30319_32\WindowsFormsIntegra#\44752ffa92ebb7170951a41898d8b9c6\WindowsFormsIntegration.ni.dll
+ 2012-06-14 00:27 . 2012-06-14 00:27 221696 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\5552b27237c3dbe4f21a10e97adf2edc\System.ServiceProcess.ni.dll
+ 2012-06-14 00:27 . 2012-06-14 00:27 626176 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Messaging\a730931e386537e3c229e049c9a6d271\System.Messaging.ni.dll
+ 2012-06-14 00:27 . 2012-06-14 00:27 148480 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Configuratio#\c7d60a49e43964b1ae17e9a080376c6d\System.Configuration.Install.ni.dll
+ 2012-06-14 00:12 . 2012-06-14 00:12 303104 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\8cc4dd9babffe370cf375925fba15f84\Microsoft.VisualBasic.Compatibility.Data.ni.dll
+ 2012-06-14 00:29 . 2012-06-14 00:29 329216 c:\windows\assembly\NativeImages_v2.0.50727_64\WindowsFormsIntegra#\80961515d3044ea901548167c32a5098\WindowsFormsIntegration.ni.dll
+ 2012-06-14 00:29 . 2012-06-14 00:29 290304 c:\windows\assembly\NativeImages_v2.0.50727_64\TaskScheduler\3b418c7263e7bee8431e453c3d656213\TaskScheduler.ni.dll
+ 2012-06-14 00:28 . 2012-06-14 00:28 187392 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Routing\7ed738c9e6e9fd019aefaac8f56c8369\System.Web.Routing.ni.dll
+ 2012-06-14 00:28 . 2012-06-14 00:28 449536 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Entity\00a0903af7c1c11be3cca7a98cb6ce18\System.Web.Entity.ni.dll
+ 2012-06-14 00:29 . 2012-06-14 00:29 398848 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Entity.D#\51ee514bc742cadcb78b85f0380db9df\System.Web.Entity.Design.ni.dll
+ 2012-06-14 00:28 . 2012-06-14 00:28 754176 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.DynamicD#\c2380ec5280efd702bfe2e25715d3c11\System.Web.DynamicData.ni.dll
+ 2012-06-14 00:28 . 2012-06-14 00:28 204800 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Abstract#\2ed431cbe077cfcd288ecda76d4b96a0\System.Web.Abstractions.ni.dll
+ 2012-06-13 23:08 . 2012-06-13 23:08 295424 c:\windows\assembly\NativeImages_v2.0.50727_64\System.ServiceProce#\3684a5e85850ee745803ade3c6280f2d\System.ServiceProcess.ni.dll
+ 2012-06-13 23:08 . 2012-06-13 23:08 782848 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Messaging\f16066c5217b2bae461d1c3a36b6675a\System.Messaging.ni.dll
+ 2012-06-13 23:08 . 2012-06-13 23:08 191488 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Configuratio#\576f9dcaf73e3e48cb4bd57f88e44c33\System.Configuration.Install.ni.dll
+ 2012-06-14 00:20 . 2012-06-14 00:20 852992 c:\windows\assembly\NativeImages_v2.0.50727_64\napsnap\e9bd06b6e8d13de7688a7b8d9caae4be\napsnap.ni.dll
+ 2012-06-14 00:20 . 2012-06-14 00:20 154112 c:\windows\assembly\NativeImages_v2.0.50727_64\napinit\d18aaabc1ed8e516fd6e15673ced499f\napinit.ni.dll
+ 2012-06-13 23:09 . 2012-06-13 23:09 414720 c:\windows\assembly\NativeImages_v2.0.50727_64\MMCFxCommon\d5f4f13114a618bff85ea70be9060c28\MMCFxCommon.ni.dll
+ 2012-06-13 23:09 . 2012-06-13 23:09 933376 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\571c66f0a8ca17316e9b6e1a7f71640b\Microsoft.MediaCenter.ni.dll
+ 2012-06-13 23:09 . 2012-06-13 23:09 794624 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Managemen#\a4de1bbf800bcc9e700b80d51f26f91e\Microsoft.ManagementConsole.ni.dll
+ 2012-06-13 23:09 . 2012-06-13 23:09 645120 c:\windows\assembly\NativeImages_v2.0.50727_64\EventViewer\cbaec0147fffacc1c80d7b03a74a7f9f\EventViewer.ni.dll
+ 2012-06-13 23:09 . 2012-06-13 23:09 368640 c:\windows\assembly\NativeImages_v2.0.50727_64\ehExtHost\b2ae3bbc46f1352799b35d8674a9f993\ehExtHost.ni.exe
+ 2012-06-14 00:09 . 2012-06-14 00:09 634368 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLiveLocal.Wr#\c66eb7c6e495b6a4fc008b2cb7a71664\WindowsLiveLocal.WriterPlugin.ni.dll
+ 2012-06-14 00:09 . 2012-06-14 00:09 665600 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\e554972c10af1f48e3e446a266b282fd\WindowsLive.Writer.Interop.ni.dll
+ 2012-06-14 00:09 . 2012-06-14 00:09 101376 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\d826bef886460c5013ccb1d95721318e\WindowsLive.Writer.Api.ni.dll
+ 2012-06-14 00:09 . 2012-06-14 00:09 890880 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\a7bd0c8151e42189390e8eb23d3724a5\WindowsLive.Writer.HtmlEditor.ni.dll
+ 2012-06-14 00:09 . 2012-06-14 00:09 871936 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\8135f87905ee1e3a4c93a6aa3498d0ad\WindowsLive.Writer.BlogClient.ni.dll
+ 2012-06-14 00:09 . 2012-06-14 00:09 325632 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\6dfce38fa28c3768cf3a9f0b67c08d9d\WindowsLive.Writer.SpellChecker.ni.dll
+ 2012-06-14 00:09 . 2012-06-14 00:09 780288 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\5aaccb27b7edbe0d4944d25bcaa6ee97\WindowsLive.Writer.Controls.ni.dll
+ 2012-06-14 00:09 . 2012-06-14 00:09 121856 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\3f7ecb3f4293b490824bd0594c5421a1\WindowsLive.Writer.Extensibility.ni.dll
+ 2012-06-14 00:09 . 2012-06-14 00:09 119296 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\36b3f969ceb32fbc0beefa2e0cfe8400\WindowsLive.Writer.FileDestinations.ni.dll
+ 2012-06-14 00:09 . 2012-06-14 00:09 328704 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\06eecd96de56386ad5efe0936529b357\WindowsLive.Writer.Mshtml.ni.dll
+ 2012-06-14 00:09 . 2012-06-14 00:09 174080 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\0101b07f7d0a3698d2f4ac092eefea88\WindowsLive.Writer.BrowserControl.ni.dll
+ 2012-06-14 00:09 . 2012-06-14 00:09 222720 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Client\584fa11c7c16b330d5c23201e3baaf1e\WindowsLive.Client.ni.dll
+ 2012-06-14 00:12 . 2012-06-14 00:12 240128 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\9104e78d8897df008eed3a2af3bda6a2\WindowsFormsIntegration.ni.dll
+ 2012-06-14 00:12 . 2012-06-14 00:12 235520 c:\windows\assembly\NativeImages_v2.0.50727_32\TaskScheduler\dff98b9115ba5b0f796550c3604f3ac2\TaskScheduler.ni.dll
+ 2012-06-14 00:11 . 2012-06-14 00:11 129536 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Routing\4d73bbe950309d7589e392c07e767981\System.Web.Routing.ni.dll
+ 2012-06-14 00:12 . 2012-06-14 00:12 859648 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\c1a4d33fc32145339a8d6ecce8814a82\System.Web.Extensions.Design.ni.dll
+ 2012-06-14 00:12 . 2012-06-14 00:12 328704 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity\f8313d1191728d85c9a2c28995421886\System.Web.Entity.ni.dll
+ 2012-06-14 00:12 . 2012-06-14 00:12 301056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity.D#\c332e16f64df41792d0cc94eff9a40cc\System.Web.Entity.Design.ni.dll
+ 2012-06-14 00:12 . 2012-06-14 00:12 547328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\3acd7d1f09834f8ad2b6f7c97f12d275\System.Web.DynamicData.ni.dll
+ 2012-06-14 00:11 . 2012-06-14 00:11 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Abstract#\6308ea7dcc6abd9aea29b448a03f0af3\System.Web.Abstractions.ni.dll
+ 2012-06-14 00:09 . 2012-06-14 00:09 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\8bbcd31ecc8edc7d1f9cdd83ef2bb2d3\System.ServiceProcess.ni.dll
+ 2012-06-14 00:09 . 2012-06-14 00:09 593408 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Messaging\8ad39a1c48ba36b5210abe02ef03bc2a\System.Messaging.ni.dll
+ 2012-06-14 00:09 . 2012-06-14 00:09 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\559eb472944e19bca4d034eda4bdfcb7\System.Configuration.Install.ni.dll
+ 2012-06-14 00:11 . 2012-06-14 00:11 724992 c:\windows\assembly\NativeImages_v2.0.50727_32\napsnap\2840f96c0590375ed722b20354bcd554\napsnap.ni.dll
+ 2012-06-14 00:11 . 2012-06-14 00:11 110080 c:\windows\assembly\NativeImages_v2.0.50727_32\napinit\e1de44dda528f5126f251f146f30487a\napinit.ni.dll
+ 2012-06-14 00:10 . 2012-06-14 00:10 285184 c:\windows\assembly\NativeImages_v2.0.50727_32\MMCFxCommon\9621076f8f44240e769dd03177d0c47f\MMCFxCommon.ni.dll
+ 2012-06-14 00:10 . 2012-06-14 00:10 593408 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.MediaCent#\f22e7365e7527cd3c3f707218d8e3a10\Microsoft.MediaCenter.ni.dll
+ 2012-06-14 00:10 . 2012-06-14 00:10 558592 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Managemen#\ef6a66d52d531be206ac416483aed2b8\Microsoft.ManagementConsole.ni.dll
+ 2012-06-14 00:10 . 2012-06-14 00:10 543744 c:\windows\assembly\NativeImages_v2.0.50727_32\EventViewer\11804905535690869865532b52f0454a\EventViewer.ni.dll
+ 2012-06-14 00:10 . 2012-06-14 00:10 243200 c:\windows\assembly\NativeImages_v2.0.50727_32\ehExtHost32\dd7fe12b0ee02626a53b9053f8669141\ehExtHost32.ni.exe
+ 2008-01-21 03:20 . 2012-06-15 14:42 2408448 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-01-21 03:20 . 2012-06-13 21:25 2408448 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-10-28 02:13 . 2012-06-15 20:56 4792660 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-238594755-956103800-1557970134-1000-8192.dat
+ 2010-10-22 01:43 . 2012-06-15 17:12 3920924 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-238594755-956103800-1557970134-1000-12288.dat
+ 2012-06-14 00:30 . 2012-06-14 00:30 5237248 c:\windows\assembly\NativeImages_v4.0.30319_64\WindowsBase\e286701acf74012d3aa4a21953f03b6b\WindowsBase.ni.dll
+ 2012-06-14 00:34 . 2012-06-14 00:34 5645824 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Windows.Form#\950f64ba9fb22ca06c5b2b9cf6f5f4b4\System.Windows.Forms.DataVisualization.ni.dll
+ 2012-06-14 00:33 . 2012-06-14 00:33 1467392 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Printing\d2de16284459454472a6875185c64d08\System.Printing.ni.dll
+ 2012-06-14 00:32 . 2012-06-14 00:32 2305024 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Drawing\1225ef41527a975de83f22328d0a3b93\System.Drawing.ni.dll
+ 2012-06-14 00:32 . 2012-06-14 00:32 2403328 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Deployment\ad9ff5d55f7ea22e80c39e0ff0240984\System.Deployment.ni.dll
+ 2012-06-14 00:33 . 2012-06-14 00:33 5048832 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Activities.P#\707f90689caf41ad429bf3ad373503cb\System.Activities.Presentation.ni.dll
+ 2012-06-14 00:33 . 2012-06-14 00:33 4233216 c:\windows\assembly\NativeImages_v4.0.30319_64\ReachFramework\16c9569b75a9f47c38b60ba733936e1a\ReachFramework.ni.dll
+ 2012-06-14 00:32 . 2012-06-14 00:32 2056704 c:\windows\assembly\NativeImages_v4.0.30319_64\PresentationUI\9c3d6b3ddef66cac069b6ab1fec514f8\PresentationUI.ni.dll
+ 2012-06-14 00:29 . 2012-06-14 00:29 1843712 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.VisualBas#\e4d308f69077903e24de92fe4fc06d29\Microsoft.VisualBasic.Compatibility.ni.dll
+ 2012-06-14 00:29 . 2012-06-14 00:29 2317312 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.VisualBas#\70e2694fe050bd480b9f61f935ca2da5\Microsoft.VisualBasic.ni.dll
+ 2012-06-14 00:27 . 2012-06-14 00:27 4587008 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Form#\7f0476e4df01ca2219f7db531408e91c\System.Windows.Forms.DataVisualization.ni.dll
+ 2012-06-14 00:13 . 2012-06-14 00:13 1060864 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Printing\f87f8bc0bc9563096150f23f6c220e7b\System.Printing.ni.dll
+ 2012-06-14 00:12 . 2012-06-14 00:12 1880064 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Deployment\e899cda47704280f54949c69b78c55cc\System.Deployment.ni.dll
+ 2012-06-14 00:13 . 2012-06-14 00:13 3757568 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Activities.P#\36299fad6b7b591cfb6bd9e50dbd33df\System.Activities.Presentation.ni.dll
+ 2012-06-14 00:13 . 2012-06-14 00:13 2906624 c:\windows\assembly\NativeImages_v4.0.30319_32\ReachFramework\442af6f7c8b447bdec3ad8d23da89c5a\ReachFramework.ni.dll
+ 2012-06-14 00:12 . 2012-06-14 00:12 1641984 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationUI\cf455da9b8fedf66767c1a7ab3eea9c9\PresentationUI.ni.dll
+ 2012-06-14 00:12 . 2012-06-14 00:12 1139712 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\2ed0173a2e75b1a3943bd2d96649a50c\Microsoft.VisualBasic.Compatibility.ni.dll
+ 2012-06-14 00:12 . 2012-06-14 00:12 1838080 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\09c2f8f606e09d85cfe6e0ad89fbe729\Microsoft.VisualBasic.ni.dll
+ 2012-06-14 00:29 . 2012-06-14 00:29 1754112 c:\windows\assembly\NativeImages_v2.0.50727_64\System.WorkflowServ#\5ef2b0292d6ef8f7a0b885a593aca44b\System.WorkflowServices.ni.dll
+ 2012-06-13 23:08 . 2012-06-13 23:08 2291712 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Services\19c7bfd896bfd1b6e732d650da6e91b4\System.Web.Services.ni.dll
+ 2012-06-14 00:29 . 2012-06-14 00:29 3335680 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Mobile\3b1523f87594c367b5020cf5913c078d\System.Web.Mobile.ni.dll
+ 2012-06-14 00:29 . 2012-06-14 00:29 1154560 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Extensio#\c175d1ec8877250db87759686218afbf\System.Web.Extensions.Design.ni.dll
+ 2012-06-14 00:28 . 2012-06-14 00:28 3046912 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Extensio#\5409d4a63b335ff02d51d50095e62288\System.Web.Extensions.ni.dll
+ 2012-06-13 23:11 . 2012-06-13 23:11 1453056 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Printing\6039d7884009694683589bc23a7ee995\System.Printing.ni.dll
+ 2012-06-13 23:08 . 2012-06-13 23:08 2433024 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Deployment\4a6752662cb45753081058a4e848dc4b\System.Deployment.ni.dll
+ 2012-06-13 23:11 . 2012-06-13 23:11 3101184 c:\windows\assembly\NativeImages_v2.0.50727_64\ReachFramework\aedc7938e0a1ef8854e378f1224dfa7d\ReachFramework.ni.dll
+ 2012-06-13 23:11 . 2012-06-13 23:11 2109440 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationUI\50abd377da62b8a687f7b41499a9db75\PresentationUI.ni.dll
+ 2012-06-14 00:21 . 2012-06-14 00:21 3482112 c:\windows\assembly\NativeImages_v2.0.50727_64\Narrator\c2f138d6fe09a7a865698e2070350263\Narrator.ni.exe
+ 2012-06-13 23:12 . 2012-06-13 23:12 2314240 c:\windows\assembly\NativeImages_v2.0.50727_64\MMCEx\5151cc16597c8f407d97883a8cfa4a50\MMCEx.ni.dll
+ 2012-06-13 23:10 . 2012-06-13 23:10 7836672 c:\windows\assembly\NativeImages_v2.0.50727_64\MIGUIControls\b03b526fba0766ed6ada91d393e7a6fa\MIGUIControls.ni.dll
+ 2012-06-13 23:11 . 2012-06-13 23:11 2173952 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.VisualBas#\96b6285fda67be4d456d2f6a4d75ab52\Microsoft.VisualBasic.ni.dll
+ 2012-06-13 23:11 . 2012-06-13 23:11 5346816 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.PowerShel#\cdc5230f1a47ff0aa945f267fb2bac71\Microsoft.PowerShell.Editor.ni.dll
+ 2012-06-13 23:11 . 2012-06-13 23:11 2101248 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.PowerShel#\af22d8142f2dad659d4647792f9a5197\Microsoft.PowerShell.Commands.Utility.ni.dll
+ 2012-06-13 23:11 . 2012-06-13 23:11 2104832 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.PowerShel#\97cd884f6f751cdd2d9e32d5b123744a\Microsoft.PowerShell.GPowerShell.ni.dll
+ 2012-06-13 23:08 . 2012-06-13 23:08 7721472 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\20a7e859ee7ee6b6037466a0d8a8be2f\Microsoft.MediaCenter.UI.ni.dll
+ 2012-06-13 23:10 . 2012-06-13 23:10 2357248 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Ink\d565b0fb0bb312d5ca28046e25876645\Microsoft.Ink.ni.dll
+ 2012-06-13 23:10 . 2012-06-13 23:10 2575872 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Build.Tas#\85a4473926ef1f94380ee9be95832772\Microsoft.Build.Tasks.v3.5.ni.dll
+ 2012-06-13 23:10 . 2012-06-13 23:10 2217984 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Build.Tas#\1b9d195833c5a57fab2ed4060df8e82f\Microsoft.Build.Tasks.ni.dll
+ 2012-06-14 00:09 . 2012-06-14 00:09 7023616 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\9788028815669c594293f322915b924a\WindowsLive.Writer.PostEditor.ni.dll
+ 2012-06-14 00:09 . 2012-06-14 00:09 2193408 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\9465825d905601288e1e7e8cc9166c23\WindowsLive.Writer.CoreServices.ni.dll
+ 2012-06-14 00:09 . 2012-06-14 00:09 1285120 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\394bbde8617e713e874b80b393956af8\WindowsLive.Writer.ApplicationFramework.ni.dll
+ 2012-06-14 00:09 . 2012-06-14 00:09 1346560 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\1fdf364b8ce8b5e3990532b0bb2014ef\WindowsLive.Writer.Localization.ni.dll
+ 2012-06-14 00:12 . 2012-06-14 00:12 1316864 c:\windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\b0c68df1300f0542e7284d2bbcd63258\System.WorkflowServices.ni.dll
+ 2012-06-14 00:09 . 2012-06-14 00:09 1840640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\663112d3002034cf5126be253efff60d\System.Web.Services.ni.dll
+ 2012-06-14 00:12 . 2012-06-14 00:12 2209280 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\0b90f82645cbd8de45ef8f5e467af156\System.Web.Mobile.ni.dll
+ 2012-06-14 00:12 . 2012-06-14 00:12 2405888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\89d6ce3139daecdd517135b90e93498b\System.Web.Extensions.ni.dll
+ 2012-06-14 00:11 . 2012-06-14 00:11 1035776 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Printing\36fbb8064216ef11bd87afae6ee774dd\System.Printing.ni.dll
+ 2012-06-14 00:09 . 2012-06-14 00:09 1801216 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\18050fc0ebf2c4835d05ffd337aa1616\System.Deployment.ni.dll
+ 2012-06-14 00:10 . 2012-06-14 00:10 2146816 c:\windows\assembly\NativeImages_v2.0.50727_32\ReachFramework\3b1507e086784fb78e3d5e671aab1b0d\ReachFramework.ni.dll
+ 2012-06-14 00:10 . 2012-06-14 00:10 1657856 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationUI\f42d14201dfb29938d5c07468ae91df6\PresentationUI.ni.dll
+ 2012-06-14 00:11 . 2012-06-14 00:11 2538496 c:\windows\assembly\NativeImages_v2.0.50727_32\Narrator\ab99814c8ea65f32eb9be47c99323a5e\Narrator.ni.exe
+ 2012-06-14 00:11 . 2012-06-14 00:11 1536512 c:\windows\assembly\NativeImages_v2.0.50727_32\MMCEx\cb2db8c862e11358d3bb1b92f85d86bd\MMCEx.ni.dll
+ 2012-06-14 00:10 . 2012-06-14 00:10 6340096 c:\windows\assembly\NativeImages_v2.0.50727_32\MIGUIControls\82a54c1a86466437495ab3dd91c58b63\MIGUIControls.ni.dll
+ 2012-06-14 00:11 . 2012-06-14 00:11 1711616 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\2467a133aee73396c830b9b0a9c7ec0d\Microsoft.VisualBasic.ni.dll
+ 2012-06-14 00:10 . 2012-06-14 00:10 1609728 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\cf16c88f8fbb1020031774cf9134c045\Microsoft.PowerShell.Commands.Utility.ni.dll
+ 2012-06-14 00:11 . 2012-06-14 00:11 1704448 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\16dc159df194ef2fbb4ae593623dea73\Microsoft.PowerShell.GPowerShell.ni.dll
+ 2012-06-14 00:10 . 2012-06-14 00:10 3722752 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\09d3142890c6ef56f7c742be21421fc2\Microsoft.PowerShell.Editor.ni.dll
+ 2012-06-14 00:10 . 2012-06-14 00:10 5486080 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.MediaCent#\cf100c0c1510f5c7bb1e17f2f359883c\Microsoft.MediaCenter.UI.ni.dll
+ 2012-06-14 00:10 . 2012-06-14 00:10 1356288 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Ink\c420edef488501ffe0a8bd56d9756955\Microsoft.Ink.ni.dll
+ 2012-06-14 00:10 . 2012-06-14 00:10 1873408 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\db447c03dfb2f740c7eff1137b76341e\Microsoft.Build.Tasks.v3.5.ni.dll
+ 2012-06-14 00:10 . 2012-06-14 00:10 1620992 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\304acbf276a1820a1c11f6f923d52745\Microsoft.Build.Tasks.ni.dll
+ 2008-01-21 03:20 . 2012-06-15 14:42 11894784 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-01-21 03:20 . 2012-06-13 21:25 11894784 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-04-07 02:06 . 2012-06-15 20:56 48780668 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-238594755-956103800-1557970134-1000-4096.dat
+ 2012-06-14 00:33 . 2012-06-14 00:33 17355264 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Windows.Forms\e883d90a0210bf99ca88f3b4ade53a24\System.Windows.Forms.ni.dll
+ 2012-06-14 00:32 . 2012-06-14 00:32 24407552 c:\windows\assembly\NativeImages_v4.0.30319_64\PresentationFramewo#\a3c3789d54894008501ce5891f1eeb40\PresentationFramework.ni.dll
+ 2012-06-14 00:30 . 2012-06-14 00:30 15908864 c:\windows\assembly\NativeImages_v4.0.30319_64\PresentationCore\9d69a7a407bbc43a1bcb2da603af5840\PresentationCore.ni.dll
+ 2012-06-13 23:08 . 2012-06-13 23:08 15245824 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web\5ded60c9ec9be6b40e91234e7af20647\System.Web.ni.dll
+ 2012-06-13 23:09 . 2012-06-13 23:09 15825920 c:\windows\assembly\NativeImages_v2.0.50727_64\ehshell\9d036f354de56bea373e1f122ba4d389\ehshell.ni.dll
+ 2012-06-14 00:09 . 2012-06-14 00:09 11820032 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\508b444db523c5cf20ff12c7f440837b\System.Web.ni.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
"ViGlance"="c:\program files (x86)\ViGlance\ViGlance.exe" [2011-10-21 446464]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"QlbCtrl.exe"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2010-02-25 323640]
"HP Health Check Scheduler"="c:\program files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 75008]
"UCam_Menu"="c:\program files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" [2009-02-25 218408]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2010-03-12 49208]
"WirelessAssistant"="c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2010-05-20 500792]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"TVAgent"="c:\program files (x86)\Hewlett-Packard\Media\TV\TVAgent.exe" [2009-04-23 206120]
"DVDAgent"="c:\program files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe" [2009-03-11 1148200]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PFW]
2011-02-24 19:33 79368 ----a-w- c:\windows\System32\UmxWNP.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-11 257224]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-03-19 15:15 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-15 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 17:29]
.
2012-05-23 c:\windows\Tasks\HPCeeScheduleForOwner.job
- c:\program files (x86)\hewlett-packard\sdp\ceement\HPCEE.exe [2009-02-23 19:34]
.
2011-03-06 c:\windows\Tasks\HPCeeScheduleForRosario.job
- c:\program files (x86)\hewlett-packard\sdp\ceement\HPCEE.exe [2009-02-23 19:34]
.
2012-06-13 c:\windows\Tasks\ParetoLogic Registration.job
- c:\windows\system32\rundll32.exe [2006-11-02 09:45]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2008-01-21 246784]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-10-28 153624]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-10-28 225816]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-10-28 200216]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2009-06-04 442368]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2009-06-01 2314120]
"cctray"="c:\program files\CA\CA Internet Security Suite\casc.exe" [2011-07-02 2658128]
"SmartMenu"="c:\program files (x86)\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\UmxSbxExA64.dll
.
------- Supplementary Scan -------
.
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://www.yahoo.com
LSP: c:\windows\system32\wpclsp.dll
LSP: c:\windows\system32\VetRedir.dll
Trusted Zone: rhapsody.com\rhap-app-4-0
Trusted Zone: rhapsody.com\rhapreg
TCP: DhcpNameServer = 167.206.245.129 167.206.245.130
DPF: {3F4AC0C9-3A7D-4115-99B4-2693DE0014AF} - hxxp://optimum.net/downloads/TNetworkScannerXControl.ocx
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
FF - ProfilePath - c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\94jd3e2x.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2583000&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://www.bing.com/?pc=ZUGO&form=ZGAPHP
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2790392&SearchSource=2&q=
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(general.useragent.extra.brc,
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Norton Internet Security]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files (x86)\Norton Internet Security\Engine\16.0.0.125\diMaster.dll\" /prefetch:1"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Akamai]
"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_80c2ffa.dll"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\programdata\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\SMINST\BLService.exe
c:\program files (x86)\CyberLink\Shared files\RichVideo.exe
c:\program files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe
c:\program files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe
c:\program files (x86)\Viewpoint\Common\ViewpointService.exe
c:\windows\SysWOW64\cfgmig32.exe
c:\program files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
.
**************************************************************************
.
Completion time: 2012-06-15 17:14:19 - machine was rebooted
ComboFix-quarantined-files.txt 2012-06-15 21:14
ComboFix2.txt 2012-06-13 23:16
.
Pre-Run: 156,353,970,176 bytes free
Post-Run: 156,419,260,416 bytes free
.
- - End Of File - - 4A69091FAE048F41012580382381ECDB
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP